1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
documentation_complete: true
title: 'Verify Permissions on SSH Server config file'
description: |-
{{{ describe_file_permissions(file="/etc/ssh/sshd_config", perms="0600") }}}
rationale: |-
Service configuration files enable or disable features of their respective
services that if configured incorrectly can lead to insecure and vulnerable
configurations. Therefore, service configuration files should be owned by the
correct group to prevent unauthorized changes.
severity: medium
identifiers:
cce@rhel8: CCE-82894-7
cce@rhel9: CCE-90818-6
cce@rhel10: CCE-86264-9
cce@sle12: CCE-91674-2
cce@sle15: CCE-91306-1
cce@slmicro5: CCE-93887-8
references:
cis-csc: 12,13,14,15,16,18,3,5
cis@sle12: 5.2.1
cis@sle15: 5.2.1
cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02
isa-62443-2009: 4.3.3.7.3
isa-62443-2013: 'SR 2.1,SR 5.2'
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
nist: AC-17(a),CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
srg: SRG-OS-000480-GPOS-00227
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/ssh/sshd_config", perms="-rw-------") }}}'
ocil: |-
{{{ ocil_file_permissions(file="/etc/ssh/sshd_config", perms="-rw-------") }}}
fixtext: '{{{ fixtext_file_permissions(file="/etc/ssh/sshd_config", mode="0600") }}}'
srg_requirement: '{{{ srg_requirement_file_permission(file="/etc/ssh/sshd_config", mode="0600") }}}'
template:
name: file_permissions
vars:
filepath:
- /etc/ssh/sshd_config
filemode: '0600'
|
